Lab 24: File Permissions and Special Bits

Audit and correct dangerous permission changes on shared paths, then apply special bits correctly where they belong. Validate your fixes using long listings and numeric modes so the system behaves safely under real multi-user conditions.

Tags: security, users, troubleshooting

Scenario

A junior admin “fixed” access problems by loosening permissions in the wrong places. You’re brought in to investigate the damage, restore safe defaults, and apply special bits with intention. The priority is preventing cross-user deletion in shared directories and understanding when setuid/setgid are appropriate.

Operator context

Permission issues are rarely isolated. A sloppy chmod can silently create a security incident. Your job is to restore correct behavior and prove it with evidence.

Objective

  • Inspect the current permissions on /tmp and identify what is missing.
  • Restore proper permissions on /tmp using numeric mode.
  • Identify which special bit allows execution with the file owner’s privileges.
  • Apply setuid correctly to a target binary/script path.
  • Compute the numeric mode for a setgid directory with restricted access.

What You’ll Practice

  • Validating directory permissions with ls -ld.
  • Sticky bit behavior on world-writable directories (chmod 1777, chmod +t).
  • Special permission bits: setuid and setgid meaning and usage.
  • Switching between symbolic and numeric permission modes with confidence.
  • Translating a requirement into a correct octal mode (example: 2770).

Walkthrough

Step 1 : Inspect current /tmp permissions.
Command
ls -ld /tmp

This shows directory permissions, ownership, and whether the sticky bit is enabled. In a multi-user system, /tmp must be world-writable, but it must also prevent users from deleting each other’s files.

# Bad state example (missing sticky bit):
drwxrwxrwx  2 root root 4096 Jul 18 12:00 /tmp

# Good state includes "t" at the end:
drwxrwxrwt  ... /tmp

Step 2 : Restore correct permissions on /tmp.
Command
chmod 1777 /tmp

1777 means: sticky bit (1) plus world-writable directory permissions (777). This is the standard safe default for /tmp.

ls -ld /tmp
# Expect: drwxrwxrwt ... /tmp

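The audit-and-fix cycle from Steps 1 and 2, as an added shell example that is not part of the lab's own material. It reads the mode string the same way you do with ls -ld, flags a world-writable directory that lacks the sticky bit, applies chmod 1777 and re-checks. The demo runs against a throwaway directory created with mktemp (assumed available, as on any GNU/Linux host) so it can be tried without touching /tmp; point audit_shared_dir at /tmp to check the real thing.

```shell
#!/bin/sh
# Audit world-writable directories for a missing sticky bit and fix them.
# Constructed demo: runs against a throwaway directory, never against /tmp itself.

# First 10 characters of the long listing, e.g. "drwxrwxrwt".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 if the directory is safe; return 1 if it is world-writable
# without the sticky bit (any user could delete other users' files).
audit_shared_dir() {
    m=$(mode_string "$1")
    other_w=$(printf '%s' "$m" | cut -c9)
    other_x=$(printf '%s' "$m" | cut -c10)
    if [ "$other_w" = "w" ]; then
        case "$other_x" in
            t|T) return 0 ;;   # sticky bit present (T = sticky without execute)
            *)   return 1 ;;   # world-writable and no sticky bit: unsafe
        esac
    fi
    return 0                   # not world-writable: sticky bit not required
}

# Apply the standard /tmp mode (sticky + 777) and re-audit.
fix_shared_dir() {
    chmod 1777 "$1" && audit_shared_dir "$1"
}

# Demo on a constructed directory that reproduces the "bad state" (0777, no sticky bit).
demo() {
    d=$(mktemp -d)
    chmod 777 "$d"
    if audit_shared_dir "$d"; then
        echo "$d: OK"
    else
        echo "$d: UNSAFE ($(mode_string "$d"))"
    fi
    fix_shared_dir "$d" && echo "$d: fixed ($(mode_string "$d"))"
    rm -rf "$d"
}
demo
```

The check only looks at the "other" triplet: a directory that is not world-writable passes without a sticky bit, which matches the lab's rule that the bit matters on world-writable directories.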
Step 3 : Identify the special bit that runs a file with the owner’s privileges.
Answer
setuid

setuid changes the effective user ID during execution, allowing a program to run with the file owner’s privileges. This is powerful and risky, so it must be used intentionally and sparingly.

Step 4 : Apply setuid to a target file.
Command
chmod u+s /usr/local/bin/myscript
# OR
chmod 4755 /usr/local/bin/myscript

Symbolic mode is explicit and readable. Numeric mode is fast and unambiguous. After applying setuid, validate with a long listing and confirm an s appears in the owner execute position.

ls -l /usr/local/bin/myscript
# Expect owner execute bit to show "s" (setuid).

Step 5 : Compute numeric mode for a setgid directory with full owner/group access only.
Answer
2770

2 sets setgid on a directory so newly created files inherit the directory’s group ownership. 770 means owner and group have full permissions, and others have none.

Example
# Example application:
chmod 2770 /srv/shared
ls -ld /srv/shared
# Expect: drwxrws--- ... /srv/shared

Reference

  • ls -ld <dir> : Shows directory permissions and special bits in long format.
  • chmod 1777 /tmp : World-writable directory with sticky bit (safe /tmp default).
  • Sticky bit (+t) : On a directory, only the file owner (or root) can delete/rename files inside it.
  • setuid (u+s, leading 4) : Executes a file with the file owner’s effective privileges.
  • setgid (g+s, leading 2 on directories) : New files inherit the directory group; useful for shared group collaboration.
  • Numeric mode example: 2770 : setgid + rwx for owner and group, none for others.